Re: Fixing insecure security definer functions

From: Sergiy Vyshnevetskiy <serg(at)vostok(dot)net>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Fixing insecure security definer functions
Date: 2007-08-10 18:45:11
Message-ID: Pine.LNX.4.64.0708102115590.28860@uanet.vostok.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers


> 3. Add optional clauses to CREATE FUNCTION and ALTER FUNCTION to specify
> the propath value. I suggest, but am not wedded to,
> PATH 'foo, bar'
> PATH NONE
> Since PATH NONE is the default, it's not really needed in CREATE
> FUNCTION, but it seems useful to allow it for ALTER FUNCTION.

I think NONE may be a bit misleading, as if path will be empty.
CURRENT sounds better for this.

Add
PATH SAVED
as shorthand to
PATH current_setting('search_path')
as well.

Default should be SAVED for SECURITY DEFINER functions.
A parameter to set the default for SECURITY INVOKER functions would be
nice too.

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Gregory Stark 2007-08-10 18:50:24 Re: Unexpected VACUUM FULL failure
Previous Message Jonah H. Harris 2007-08-10 18:14:19 Re: crypting prosrc in pg_proc